From: Marco Elver <elver@google.com>
To: elver@google.com, akpm@linux-foundation.org, glider@google.com
Cc: hpa@zytor.com, paulmck@kernel.org, andreyknvl@google.com,
aryabinin@virtuozzo.com, luto@kernel.org, bp@alien8.de,
catalin.marinas@arm.com, cl@linux.com,
dave.hansen@linux.intel.com, rientjes@google.com,
dvyukov@google.com, edumazet@google.com,
gregkh@linuxfoundation.org, hdanton@sina.com, mingo@redhat.com,
jannh@google.com, Jonathan.Cameron@huawei.com, corbet@lwn.net,
iamjoonsoo.kim@lge.com, joern@purestorage.com,
keescook@chromium.org, mark.rutland@arm.com, penberg@kernel.org,
peterz@infradead.org, sjpark@amazon.com, tglx@linutronix.de,
vbabka@suse.cz, will@kernel.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org,
linux-mm@kvack.org
Subject: [PATCH v5 6/9] kfence, kasan: make KFENCE compatible with KASAN
Date: Tue, 27 Oct 2020 15:16:03 +0100 [thread overview]
Message-ID: <20201027141606.426816-7-elver@google.com> (raw)
In-Reply-To: <20201027141606.426816-1-elver@google.com>
From: Alexander Potapenko <glider@google.com>
We make KFENCE compatible with KASAN for testing KFENCE itself. In
particular, KASAN helps to catch any potential corruptions to KFENCE
state, or other corruptions that may be a result of freepointer
corruptions in the main allocators.
To indicate that the combination of the two is generally discouraged,
CONFIG_EXPERT=y should be set. It also gives us the nice property that
KFENCE will be build-tested by allyesconfig builds.
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Co-developed-by: Marco Elver <elver@google.com>
Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
---
v5:
* Also guard kasan_unpoison_shadow with is_kfence_address(), as it may
be called from SL*B internals, currently ksize().
* Make kasan_record_aux_stack() compatible with KFENCE, which may be
called from outside KASAN runtime.
---
lib/Kconfig.kfence | 2 +-
mm/kasan/common.c | 15 +++++++++++++++
mm/kasan/generic.c | 3 ++-
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/lib/Kconfig.kfence b/lib/Kconfig.kfence
index d24baa3bce4a..639b48cc75d4 100644
--- a/lib/Kconfig.kfence
+++ b/lib/Kconfig.kfence
@@ -5,7 +5,7 @@ config HAVE_ARCH_KFENCE
menuconfig KFENCE
bool "KFENCE: low-overhead sampling-based memory safety error detector"
- depends on HAVE_ARCH_KFENCE && !KASAN && (SLAB || SLUB)
+ depends on HAVE_ARCH_KFENCE && (!KASAN || EXPERT) && (SLAB || SLUB)
depends on JUMP_LABEL # To ensure performance, require jump labels
select STACKTRACE
help
diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index 950fd372a07e..ac1d404fb41e 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -18,6 +18,7 @@
#include <linux/init.h>
#include <linux/kasan.h>
#include <linux/kernel.h>
+#include <linux/kfence.h>
#include <linux/kmemleak.h>
#include <linux/linkage.h>
#include <linux/memblock.h>
@@ -141,6 +142,14 @@ void kasan_unpoison_shadow(const void *address, size_t size)
*/
address = reset_tag(address);
+ /*
+ * We may be called from SL*B internals, such as ksize(): with a size
+ * not a multiple of machine-word size, avoid poisoning the invalid
+ * portion of the word for KFENCE memory.
+ */
+ if (is_kfence_address(address))
+ return;
+
kasan_poison_shadow(address, size, tag);
if (size & KASAN_SHADOW_MASK) {
@@ -396,6 +405,9 @@ static bool __kasan_slab_free(struct kmem_cache *cache, void *object,
tagged_object = object;
object = reset_tag(object);
+ if (is_kfence_address(object))
+ return false;
+
if (unlikely(nearest_obj(cache, virt_to_head_page(object), object) !=
object)) {
kasan_report_invalid_free(tagged_object, ip);
@@ -444,6 +456,9 @@ static void *__kasan_kmalloc(struct kmem_cache *cache, const void *object,
if (unlikely(object == NULL))
return NULL;
+ if (is_kfence_address(object))
+ return (void *)object;
+
redzone_start = round_up((unsigned long)(object + size),
KASAN_SHADOW_SCALE_SIZE);
redzone_end = round_up((unsigned long)object + cache->object_size,
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
index 248264b9cb76..1069ecd1cd55 100644
--- a/mm/kasan/generic.c
+++ b/mm/kasan/generic.c
@@ -21,6 +21,7 @@
#include <linux/init.h>
#include <linux/kasan.h>
#include <linux/kernel.h>
+#include <linux/kfence.h>
#include <linux/kmemleak.h>
#include <linux/linkage.h>
#include <linux/memblock.h>
@@ -332,7 +333,7 @@ void kasan_record_aux_stack(void *addr)
struct kasan_alloc_meta *alloc_info;
void *object;
- if (!(page && PageSlab(page)))
+ if (is_kfence_address(addr) || !(page && PageSlab(page)))
return;
cache = page->slab_cache;
--
2.29.0.rc2.309.g374f81d7ae-goog
WARNING: multiple messages have this Message-ID (diff)
From: Marco Elver <elver@google.com>
To: elver@google.com, akpm@linux-foundation.org, glider@google.com
Cc: mark.rutland@arm.com, hdanton@sina.com,
linux-doc@vger.kernel.org, peterz@infradead.org,
catalin.marinas@arm.com, dave.hansen@linux.intel.com,
linux-mm@kvack.org, edumazet@google.com, hpa@zytor.com,
cl@linux.com, will@kernel.org, sjpark@amazon.com, corbet@lwn.net,
x86@kernel.org, kasan-dev@googlegroups.com, mingo@redhat.com,
vbabka@suse.cz, rientjes@google.com, aryabinin@virtuozzo.com,
joern@purestorage.com, keescook@chromium.org, paulmck@kernel.org,
jannh@google.com, andreyknvl@google.com, bp@alien8.de,
luto@kernel.org, Jonathan.Cameron@huawei.com, tglx@linutronix.de,
dvyukov@google.com, linux-arm-kernel@lists.infradead.org,
gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
penberg@kernel.org, iamjoonsoo.kim@lge.com
Subject: [PATCH v5 6/9] kfence, kasan: make KFENCE compatible with KASAN
Date: Tue, 27 Oct 2020 15:16:03 +0100 [thread overview]
Message-ID: <20201027141606.426816-7-elver@google.com> (raw)
In-Reply-To: <20201027141606.426816-1-elver@google.com>
From: Alexander Potapenko <glider@google.com>
We make KFENCE compatible with KASAN for testing KFENCE itself. In
particular, KASAN helps to catch any potential corruptions to KFENCE
state, or other corruptions that may be a result of freepointer
corruptions in the main allocators.
To indicate that the combination of the two is generally discouraged,
CONFIG_EXPERT=y should be set. It also gives us the nice property that
KFENCE will be build-tested by allyesconfig builds.
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Co-developed-by: Marco Elver <elver@google.com>
Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
---
v5:
* Also guard kasan_unpoison_shadow with is_kfence_address(), as it may
be called from SL*B internals, currently ksize().
* Make kasan_record_aux_stack() compatible with KFENCE, which may be
called from outside KASAN runtime.
---
lib/Kconfig.kfence | 2 +-
mm/kasan/common.c | 15 +++++++++++++++
mm/kasan/generic.c | 3 ++-
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/lib/Kconfig.kfence b/lib/Kconfig.kfence
index d24baa3bce4a..639b48cc75d4 100644
--- a/lib/Kconfig.kfence
+++ b/lib/Kconfig.kfence
@@ -5,7 +5,7 @@ config HAVE_ARCH_KFENCE
menuconfig KFENCE
bool "KFENCE: low-overhead sampling-based memory safety error detector"
- depends on HAVE_ARCH_KFENCE && !KASAN && (SLAB || SLUB)
+ depends on HAVE_ARCH_KFENCE && (!KASAN || EXPERT) && (SLAB || SLUB)
depends on JUMP_LABEL # To ensure performance, require jump labels
select STACKTRACE
help
diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index 950fd372a07e..ac1d404fb41e 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -18,6 +18,7 @@
#include <linux/init.h>
#include <linux/kasan.h>
#include <linux/kernel.h>
+#include <linux/kfence.h>
#include <linux/kmemleak.h>
#include <linux/linkage.h>
#include <linux/memblock.h>
@@ -141,6 +142,14 @@ void kasan_unpoison_shadow(const void *address, size_t size)
*/
address = reset_tag(address);
+ /*
+ * We may be called from SL*B internals, such as ksize(): with a size
+ * not a multiple of machine-word size, avoid poisoning the invalid
+ * portion of the word for KFENCE memory.
+ */
+ if (is_kfence_address(address))
+ return;
+
kasan_poison_shadow(address, size, tag);
if (size & KASAN_SHADOW_MASK) {
@@ -396,6 +405,9 @@ static bool __kasan_slab_free(struct kmem_cache *cache, void *object,
tagged_object = object;
object = reset_tag(object);
+ if (is_kfence_address(object))
+ return false;
+
if (unlikely(nearest_obj(cache, virt_to_head_page(object), object) !=
object)) {
kasan_report_invalid_free(tagged_object, ip);
@@ -444,6 +456,9 @@ static void *__kasan_kmalloc(struct kmem_cache *cache, const void *object,
if (unlikely(object == NULL))
return NULL;
+ if (is_kfence_address(object))
+ return (void *)object;
+
redzone_start = round_up((unsigned long)(object + size),
KASAN_SHADOW_SCALE_SIZE);
redzone_end = round_up((unsigned long)object + cache->object_size,
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
index 248264b9cb76..1069ecd1cd55 100644
--- a/mm/kasan/generic.c
+++ b/mm/kasan/generic.c
@@ -21,6 +21,7 @@
#include <linux/init.h>
#include <linux/kasan.h>
#include <linux/kernel.h>
+#include <linux/kfence.h>
#include <linux/kmemleak.h>
#include <linux/linkage.h>
#include <linux/memblock.h>
@@ -332,7 +333,7 @@ void kasan_record_aux_stack(void *addr)
struct kasan_alloc_meta *alloc_info;
void *object;
- if (!(page && PageSlab(page)))
+ if (is_kfence_address(addr) || !(page && PageSlab(page)))
return;
cache = page->slab_cache;
--
2.29.0.rc2.309.g374f81d7ae-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-10-27 18:06 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-27 14:15 [PATCH v5 0/9] KFENCE: A low-overhead sampling-based memory safety error detector Marco Elver
2020-10-27 14:15 ` Marco Elver
2020-10-27 14:15 ` Marco Elver
2020-10-27 14:15 ` [PATCH v5 1/9] mm: add Kernel Electric-Fence infrastructure Marco Elver
2020-10-27 14:15 ` Marco Elver
2020-10-27 14:15 ` Marco Elver
2020-10-27 14:15 ` [PATCH v5 2/9] x86, kfence: enable KFENCE for x86 Marco Elver
2020-10-27 14:15 ` Marco Elver
2020-10-27 14:15 ` Marco Elver
2020-10-27 14:16 ` [PATCH v5 3/9] arm64, kfence: enable KFENCE for ARM64 Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` [PATCH v5 4/9] mm, kfence: insert KFENCE hooks for SLAB Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` [PATCH v5 5/9] mm, kfence: insert KFENCE hooks for SLUB Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` Marco Elver [this message]
2020-10-27 14:16 ` [PATCH v5 6/9] kfence, kasan: make KFENCE compatible with KASAN Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` [PATCH v5 7/9] kfence, Documentation: add KFENCE documentation Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` [PATCH v5 8/9] kfence: add test suite Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` [PATCH v5 9/9] MAINTAINERS: Add entry for KFENCE Marco Elver
2020-10-27 14:16 ` Marco Elver
2020-10-27 14:16 ` Marco Elver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201027141606.426816-7-elver@google.com \
--to=elver@google.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=aryabinin@virtuozzo.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=cl@linux.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=glider@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdanton@sina.com \
--cc=hpa@zytor.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=jannh@google.com \
--cc=joern@purestorage.com \
--cc=kasan-dev@googlegroups.com \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=paulmck@kernel.org \
--cc=penberg@kernel.org \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=sjpark@amazon.com \
--cc=tglx@linutronix.de \
--cc=vbabka@suse.cz \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.